AD Self Service Plus as an Advertisement Engine

I have a concern with the fact that my local installation of AD Self Service Plus is being used to generate Webinar advertisements for ManageEngine's other solutions, in this case - AD360 the Integrated identity and access management (IAM) solution.

I recently received an email from our helpdesk email address to our server admins address generated from ADSSP on our server advertising a webinar.  I see this as an inappropriate use of the software and our server resources since I have purchased a license for the software to provide a specific service (managing AD password resets).  If ManageEngine wants to market me with product demonstrations and sales pitches they should be doing so from their own facilities.   Note that by taking the approach of using our systems to send this communication they will have had to upload the content of the message to our server product indicating some back-end access to the by from ManageEngine.

This is built into the product using the Email Server - Advanced Settings Option "Enable Product and Event Notification".  Enabling this Feature should simply opt you into a ManageEngine hosted, and managed listserv - NOT ENABLE YOUR OWN PRODUCT TO DELIVER SUCH CONTENT.

Is anyone else aware of any other ManageEngine products with this functionality or other software providers taking the same approach?

To check, enable, or disable the feature, follow these steps:
1. Log in as an ADSSP administrator
2. Go to the Admin Tab
3. Expand Product Settings (Left Menu)
4. Select Server Settings
5. Mail Settings Tab (default tab)
6. Advanced Settings Link
7. Check or uncheck the box titled "Enable Product and Event Notification"

Here's the content of the message I received:
"Hey there,


As you may already know, using only passwords for authentication is a thing of the past. This is especially true given the shortcomings of the native Active Directory (AD) policies that govern passwords. The lack of granular enforcement options and the inability to prevent dictionary words in passwords are just some examples of how the native tools fall short. 


If you're looking to improve security, find out more about AD's issues, and learn about ways to fix them, sign up for our IAM expert's webinar. You'll learn how to strengthen AD password policies with policy enhancements and multi-factor authentication. 

Register now


Date: February 27, 2019 


Busy that day? Go ahead and register anyway, and we'll send a recording of the webinar right to your inbox.


Best regards,
The IAM solutions team,
ManageEngine
"

And the internet header (redacted):
Content-Type: application/ms-tnef; name="winmail.dat"
Content-Transfer-Encoding: binary
From: "Help Desk" < OUR-HD-EMAIL-ADDRESS_at_justassociates.com>
To: AdminNotices < OUR-SERVER-ADMINS-ADDRESS_at_justassociates.com>
Subject: [ManageEngine Webinar] Why native AD password policies aren't strong
 enough.
Thread-Topic: [ManageEngine Webinar] Why native AD password policies aren't
 strong enough.
Thread-Index: AQHUySz4fuqZHWOo5kuYH/Fu0qLQ7Q==
X-MS-Exchange-MessageSentRepresentingType: 1
Date: Wed, 20 Feb 2019 15:00:08 +0000
Message-ID: <11278458.258.1550674801882.JavaMail.Manageengine$@win-app03>
Accept-Language: en-US
Content-Language: en-US
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
  <11278458.258.1550674801882.JavaMail.Manageengine$@win-app03>
MIME-Version: 1.0
X-MS-Exchange-Organization-AuthAs: Internal
X-Originating-IP: [ OUR-SERVER'S-PUBLIC-IP-ADDRESS]
Return-Path: <>
X-MS-Exchange-Organization-MessageDirectionality: Originating
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-MS-Exchange-PUrlCount: 1
X-MS-Exchange-Organization-BypassClutter: true
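
For admins who want to find messages like this one in a mail export, the following added example (not part of the original post and not ManageEngine code) checks three header traits visible above: a JavaMail-style Message-ID, Exchange's internal/originating markers, and the "[ManageEngine Webinar]" subject tag. The sample message is constructed from the redacted headers, with example.com placeholder addresses; the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: header values follow the redacted headers in the post,
# with placeholder addresses at example.com.
SAMPLE = (
    'From: "Help Desk" <helpdesk@example.com>\n'
    "To: AdminNotices <admins@example.com>\n"
    "Subject: [ManageEngine Webinar] Why native AD password policies aren't strong\n"
    " enough.\n"
    "Message-ID: <11278458.258.1550674801882.JavaMail.Manageengine$@win-app03>\n"
    "X-MS-Exchange-Organization-AuthAs: Internal\n"
    "X-MS-Exchange-Organization-MessageDirectionality: Originating\n"
    "\n"
    "body\n"
)

# Subject tag taken from the message quoted in the post.
PROMO_SUBJECT = re.compile(r"\[ManageEngine Webinar\]", re.I)
# JavaMail-generated Message-IDs have the shape <n.n.n.JavaMail.user@host>.
JAVAMAIL_ID = re.compile(r"<[^@>]*\.JavaMail\.(?P<user>[^@>]+)@(?P<host>[^>]+)>")


def header(msg, name):
    """Return a header value with folding whitespace collapsed, or ''."""
    return " ".join((msg.get(name) or "").split())


def findings(raw):
    """List which of the three traits a raw RFC 5322 message shows."""
    msg = message_from_string(raw)
    out = []
    m = JAVAMAIL_ID.search(header(msg, "Message-ID"))
    if m:
        out.append("app-generated:" + m.group("host"))
    auth = header(msg, "X-MS-Exchange-Organization-AuthAs").lower()
    direction = header(msg, "X-MS-Exchange-Organization-MessageDirectionality").lower()
    if auth == "internal" and direction == "originating":
        out.append("internal-origin")
    if PROMO_SUBJECT.search(header(msg, "Subject")):
        out.append("vendor-promo-subject")
    return out


def is_locally_sent_vendor_promo(raw):
    """True only when the message shows all three traits together."""
    return len(findings(raw)) == 3
```

Requiring all three traits keeps ordinary notifications from the same server, and promotional mail arriving from outside, out of the results.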
